INTERNET USER’S RIGHTS AND FUNDAMENTAL FREEDOMS DAYCoE and ECHR Standards on Data Protection and Right to Privacy Online
05/02/2023
Right to privacy/data protection online
Who controls our data Revelations by Edward Snowden Role of Private Sector Safe Harbour/Privacy Shield Positive obligation of the State
CoEModernised Convention 108 EUGeneral Data Protection Regulation
Council of Europe RegulationEuropean Convention on Human Rights
Article 8Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his correspondence.2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
Council of Europe RegulationEuropean Convention on Human
Rights ARTICLE 9
Freedom of thought, conscience and religion 1. Everyone has the right to freedom of thought, conscience and religion; this right includes freedom to change his religion or belief and freedom, either alone or in community with others and in public or private, to manifest his religion or belief, in worship, teaching, practice and observance. 2. Freedom to manifest one’s religion or beliefs shall be subject only to such limitations as are prescribed by law and are necessary in a democratic society in the interests of public safety, for the protection of public order, health or morals, or for the protection of the rights and freedoms of others.
Council of Europe Data Protection regulation
Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS. 108) 1981
Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, regarding supervisory authorities and transborder data flows (ETS. 181) 2001
Modernisation of Convention (modernisation proposal adopted 2012)
Recommendation CM/Rec(2010)13 of the Committee of Ministers to member states on the protection of individuals with regard to automatic processing of personal data in the context of profiling
Council of Europe internet regulation
Recommendation CM/Rec(2016)5[1] of the Committee of Ministers to member States on Internet freedom
Recommendation CM/Rec(2012)4 of the Committee of Ministers to member States on the protection of human rights with regard to social networking services
Recommendation CM/Rec(2012)3 of the Committee of Ministers to member States on the protection of human rights with regard to search engines
Declaration of the Committee of Ministers on protecting the dignity, security and privacy of children on the Internet (Adopted by the Committee of Ministers on 20 February 2008)
European Court of human rightsdata protection case law
K.U. v Finland Roman Zakharov v. Russia (Application no. 47143/06) December 4,
2015
Relevant Documents: Case Law of the European Court of Human Rights Concerning the Protec
tion of Personal Data (2013)
Internet: case-law of the European Court of Human Rights (2015)
Handbook on European data protection law
Council of Europe Data protection terminology The key principles of European data protection law The rules of European data protection law The data subject’s rights and their enforcement Transborder data flows Data protection in the context of police and criminal justice Other specific European data protection laws Available in English…. Romanian
European Union agency for fundamental rights
European uniondata protection regulation and authorities
Data protection directive General Data Protection Regulation Opinions of the Article 29 Working Party
Article 29 Working Party European Data Protection Supervisor European Court of Justice
TrendsOPERATORS SHOULD NOT BE OBLIGED TO RETAIN DATAGOOGLE SEARCH TO COMPLY WITH DATA SUBJECT’S RIGHTSAGREEMENT ON DATA TRANSFER TO US COMPANIES IS INVALID
Data retention Digital Rights Ireland and Seitlinger and OthersJoined Cases C-293/12 and C-594/12, 8 April 2014
Data Retention Directive 2006all providers of publicly available electronic communications services or of public communications networks to keep all “meta data” for the period of minimum 6 months to maximum 24 month Court ruling: the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to
the protection of personal data the directive fails to lay down any objective criterion which would ensure that the competent national authorities
have access to the data the directive imposes a period of at least six months, without making any distinction between the categories of data
on the basis of the persons concerned or the possible usefulness of the data in relation to the objective pursued the directive does not provide for sufficient safeguards to ensure effective protection of the data against the risk of
abuse and against any unlawful access and use of the data the directive does not fully ensure the control of compliance with the requirements of protection and security by an
independent authorityEU legislature has exceeded the limits imposed by compliance with the principle of proportionality
Right to be forgottenGoogle Spain SL v. AEPD (the DPA) & Mario Costeja Gonzalez C-131/12, 13 May 2014
A Spanish citizen disputed an article about him available also via Google search results complained to Spanish Data Protection Authority, which ruled that Google should remove the disputed item from the search results and the latter challenged the ruling at the ECJCourt ruling:- Google is a data controller - Data protection directive applicable- Data subject’s rights apply - Right to be forgotten- Right to be delisted
Safe harbourMaximillian Schrems v Data Protection Commissioner C-362/14, 6 October 2015
Austrian citizen complained to Irish DPA about his personal data being transferred from Irish Facebook subsidiary to Facebook. Irish DPA rejected the complaint that in a decision of 26 July 2000 the Commission considered that, under the ‘safe harbour’ scheme, the United States ensures an adequate level of protection of the personal data transferredCourt ruling national security, public interest and law enforcement requirements of the United States prevail
over the safe harbour scheme, so that United States undertakings are bound to disregard, without limitation, the protective rules laid down by that scheme where they conflict with such requirements
not providing for any possibility for an individual to pursue legal remedies in order to have access to personal data relating to him, or to obtain the rectification or erasure of such data, compromises the essence of the fundamental right to effective judicial protection, thus the rule of law.
the Commission did not have competence to restrict the national supervisory authorities’ powers in that way.
the Safe Harbour Decision is invalid
effects on data protection in Council of Europe countries
Anti-Counterfeiting Trade Agreement – ACTAsigned in October 2011 by Australia, Canada, Japan, Morocco, New Zealand, Singapore, South Korea, and the United States. In 2012, Mexico, the European Union and 22 countries which are member states of the European Union signed as well Foreign Intelligence Surveillance Act of 1978 – FISA Copyright regulation National laws …..
Other forums for data
protection
Click icon to add picture• International Conference of Data Protection and Privacy Commissioners
• International Working Group on Data Protection in Telecommunications
• European Conference of Data Protection Authorities
• Central and Eastern Europe Data Protection Authorities
- OECD- GPEN - EuroDIG• IGF ...
Data protection is ever present and yet challenges remain
Why?
Impact of internetDifferent national law
Concept of Privacy
googleFacebook
Mobile apps